suppose I have the following ssh session:
userA@boxA -> userB@boxB -> userC@boxC
now, from boxC, as userC, I would like to have the information that the ssh connection came from userB@boxB which in turn came from userA@boxA.
now I have the following ssh session along with the first ssh session:
userD@boxD -> userB@boxB
from boxB, as userB, I would like to have the information that the connection came from userD@boxD and that there is a second ssh session coming from userA@boxA.
is this information available and accessible as user? is it even available at all?
if not, is there any "easy" way to make this information available? with easy I mean without hacking and recompiling sshd, and without having to have root access on the machines.
Best Answer
The official way to send environment variables from client to server is through SendEnv and AcceptEnv. The problem is that you need root access on the server to configure AcceptEnv. Most servers are configured to accept no or only a few predetermined variables.

I found two tricks to send environment variables from client to server, both work without needing root access on the server.
trick one:
this will connect to server and then execute the command SSH_ORIGIN=$USERNAME@$HOSTNAME bash, with $USERNAME and $HOSTNAME already replaced on the client side. then, on the server side, you can further process the information contained in the variable SSH_ORIGIN.

the -t is needed otherwise bash will be started on the server without a tty (try it, you will see).

a slight modification will allow to pass the information transitively down a longer ssh chain.
discussion:
.profile is not read).
.bashrc is read twice). once by sshd and once by the user command.

trick two:
first you must generate a ssh key and transfer that to ~/.ssh/authorized_keys on the server. then prepend the line with command="$SHELL". see the sshd manpage for more information on this.

connect to ssh server using the command:
this will connect to the server but this time the variable assignment is not executed. instead, the string is stored in the environment variable $SSH_ORIGINAL_COMMAND. then the command provided in ~/.ssh/authorized_keys is executed. once you are in the shell you can process the information contained in $SSH_ORIGINAL_COMMAND.

as above, you can make this transitive:
discussion:
$SSH_ORIGINAL_COMMAND. if you want to execute a command over ssh you can use a different ssh key or have your shell init file to detect and execute $SSH_ORIGINAL_COMMAND.
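
One way to process $SSH_ORIGINAL_COMMAND on the server side in trick two and build the value for the next hop, as an added example that is not part of the original answer. The string comes from the client, so it is parsed as data and never evaluated; the comma-separated chain format and the function names parse_origin and next_origin are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumed wire format (not from the answer): the client sends
#   SSH_ORIGIN=user@host[,user@host...]     oldest hop first

# parse_origin STRING -> prints the validated chain; returns 1 if malformed.
# The ( ) body runs in a subshell, so IFS and variables do not leak out.
parse_origin() (
    case $1 in
        SSH_ORIGIN=*) chain=${1#SSH_ORIGIN=} ;;
        *) return 1 ;;
    esac
    [ "${#chain}" -le 512 ] || return 1
    # Strict whitelist: rejects spaces, quotes, $, ;, backticks, newlines,
    # and empty hops (leading, trailing or doubled commas).
    case $chain in
        ''|,*|*,|*,,*|*[!A-Za-z0-9@._,-]*) return 1 ;;
    esac
    IFS=,
    set -f
    for hop in $chain; do
        case $hop in
            *@*@*) return 1 ;;   # more than one @
            ?*@?*) ;;            # looks like user@host
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$chain"
)

# next_origin RECEIVED USER HOST -> string to hand to the next ssh hop.
# A missing or malformed RECEIVED value starts a fresh chain at this hop.
next_origin() {
    if prev=$(parse_origin "$1"); then
        printf 'SSH_ORIGIN=%s,%s@%s\n' "$prev" "$2" "$3"
    else
        printf 'SSH_ORIGIN=%s@%s\n' "$2" "$3"
    fi
}

# Demo: what this hop would pass on, given what it received (if anything).
next_origin "${SSH_ORIGINAL_COMMAND-}" "$(id -un)" "$(uname -n)"
```

The chain is whatever each client chose to send, so treat it as a label rather than as authenticated identity; for the address of the immediate peer, sshd itself sets SSH_CONNECTION.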